https://connect.hyland.com/t5/alfresco-forum/adf-csrf-error/m-p/41892#M17572 <P>I am using ADF with APS.</P><P>During Login I am getting CSRF Error.</P><P>ADF is using Rest API to communicate with APS and it is using Public API.</P><P>As Per this&nbsp;<A href="https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html" target="_blank" rel="noopener nofollow noreferrer">https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html</A>&nbsp;is is saying that for Public API CSRF Protection is not required.</P><P>One solution is we can disable in APS but it may create some security issue.</P><P>Can any one clarify on this?</P><P>Login component having disableCsrf but not working.</P><P>I am using this login api as we have custom login page.&nbsp;<A href="https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/" target="_blank" rel="nofollow noopener noreferrer">https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/</A></P><P><A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/16045">@afaust</A>&nbsp;&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/5487">@angelborroy</A>&nbsp;</P> Tue, 01 Dec 2020 13:52:32 GMT sp2 2020-12-01T13:52:32Z https://connect.hyland.com/t5/alfresco-forum/adf-csrf-error/m-p/41892#M17572 <P>I am using ADF with APS.</P><P>During Login I am getting CSRF Error.</P><P>ADF is using Rest API to communicate with APS and it is using Public API.</P><P>As Per this&nbsp;<A href="https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html" target="_blank" rel="noopener nofollow noreferrer">https://docs.alfresco.com/process-services1.9/topics/cross_site_request_forgery.html</A>&nbsp;is is saying that for Public API CSRF Protection is not required.</P><P>One solution is we can disable in APS but it may create some security issue.</P><P>Can any one clarify on this?</P><P>Login component having disableCsrf but not working.</P><P>I am using this login api as we have custom login page.&nbsp;<A href="https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/" target="_blank" rel="nofollow noopener noreferrer">https://www.alfresco.com/abn/adf/docs/core/services/authentication.service/</A></P><P><A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/16045">@afaust</A>&nbsp;&nbsp;<A href="https://migration33.stage.lithium.com/t5/user/viewprofilepage/user-id/5487">@angelborroy</A>&nbsp;</P> Tue, 01 Dec 2020 13:52:32 GMT https://connect.hyland.com/t5/alfresco-forum/adf-csrf-error/m-p/41892#M17572 sp2 2020-12-01T13:52:32Z https://connect.hyland.com/t5/alfresco-forum/adf-csrf-error/m-p/41893#M17573 <P>The APS CSRF guard can safely be disabled. It does not add any kind of security that is more than just the placebo effect of ticking the "CSRF"-box. Somewhere on this platform, an Alfresco engineer of ADF has unmistakingly stated that CSRF is not required for the ADF app and can be disabled. I have had to disable CSRF at three customers now because of the bugs / side effects it introduced.</P> Tue, 01 Dec 2020 14:40:07 GMT https://connect.hyland.com/t5/alfresco-forum/adf-csrf-error/m-p/41893#M17573 afaust 2020-12-01T14:40:07Z